Kaspersky Lab discovered a tool that violates the HTTPS encryption process

Kaspersky Lab has detected a malicious tool called Reductor that replaces the random number generator a browser uses when encrypting data in transit to HTTPS sites. This gives attackers a way to covertly monitor what the user does in the browser. The modules found also include remote administration functions, which extend what the tool can do well beyond traffic monitoring.

Using this tool, the attackers carried out cyber-espionage operations against diplomatic missions in the CIS countries, primarily monitoring user traffic.

The malware is installed mainly with the help of the COMPfun malware, previously identified as a tool of the Turla cybergroup, or by substituting a tampered copy for “clean” software while it is being downloaded from a legitimate site to the user’s computer. The latter most likely means that the attackers control the victim’s network channel.

“This is the first time we have encountered this kind of malware that allows you to bypass browser encryption and go unnoticed for a long time. The level of its complexity suggests that the creators of Reductor are serious professionals. Often such malware is created with the support of the state. However, we do not have evidence that Reductor is related to any particular cyber group,” said Kurt Baumgartner, a leading antivirus expert at Kaspersky Lab.

All Kaspersky Lab solutions recognize and block the Reductor program. To avoid infection, Kaspersky Lab recommends that organizations:

  • regularly audit the security of the corporate IT infrastructure;
  • install a reliable security solution with a web threat protection component that can recognize and block threats attempting to enter the system through encrypted channels, such as Kaspersky Security for Business, together with an enterprise-grade solution that detects complex threats at the network level at an early stage, for example Kaspersky Anti Targeted Attack Platform;
  • connect the SOC team to a threat intelligence system so that it has access to information about new and existing threats and the techniques and tactics attackers use;
  • regularly conduct training to improve employees’ digital literacy.

Source: 3dnews.ru